1. Field
One or more exemplary embodiments relate to a method and apparatus for detecting malware and a recording medium thereof.
2. Description of the Related Art
Generally, malware is a collective term for any malicious software that enters a system without the authorization of the system's user. Malware is commonly designed, for example, to steal confidential information, control remote systems for malicious purposes, disrupt mission-critical services, and the like. Malware can infect other executable code, data/system files, and boot partitions of drives, and can create excessive traffic on a network, leading to denial of service.
Due to the pervasiveness of various electronic devices, such as smart phones, tablets, and computers, electronic devices have become an easy means for spreading malware. The electronic devices connect directly or indirectly with many other electronic devices. For example, the electronic devices connect with other electronic devices through Wi-Fi, Bluetooth, infrared (IR), and near-field communication (NFC), or in the form of a message exchange, such as emails, short message service (SMS), multimedia message service (MMS), and instant message (IM) exchange. If malware infects an electronic device, that device can spread the malware to the other electronic devices with which it is connected.
Conventional systems and methods of detecting malware in electronic devices allow network operators to blacklist internet protocol (IP) addresses, domain names, and uniform resource locators (URLs) to control the spread of malware. Policy engines and web filtering applications can then be used to identify such malware sources and block communication with the known malware sources based on the blacklist information.
However, malware-spreading agents have found ways to avoid detection by the policy engines and the web filtering applications that are meant to prevent the spread of malware, and to find sites and domains to which to spread malware.
Further, most anti-malware solutions rely on malware signatures, such as binary patterns characteristic of malicious code. Such an anti-malware solution repeatedly checks suspected files for the presence of any such malware signatures.
Meanwhile, according to a behavior-based monitoring approach, techniques such as mass mailers can be used in determining whether a program is infected by malware. In this approach, profiles are created that outline normal program behavior, and any deviation from a profile can be flagged as suspicious. However, such an approach may be complicated and may present significant challenges in the profile construction process.
In addition, basic detection, rate-limiting, blocking, and quarantine mechanisms are used to detect and control the spread of malware in electronic devices.
As described above, the conventional systems and methods have problems that must be solved in order to detect and proactively control malware spreading across electronic devices.